package org.gdufe.gateway.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

/**
 * @description 安全配置类
 *
 */
 @EnableWebFluxSecurity//SpringCloud Gateway是基于webFlux的，跟SpringMVC传统方式是不兼容的：比如你在里面没法使用HttpServletRequest、HttpServletResponse，和HttpSession。
 // 对于WebFlux来讲，使用的是ServerWebExchange和WebSession。
 @Configuration
 public class SecurityConfig {


  //安全拦截配置
  @Bean
  public SecurityWebFilterChain webFluxSecurityFilterChain(ServerHttpSecurity http) {

   return http
           .authorizeExchange()
           .pathMatchers("/**").permitAll()//特殊请求过滤
           //.anyExchange().authenticated()//任何请求都需要身份认证
           .and().csrf().disable().build();
  }


 }
